REMARKS 

Claims 1-20 remain pending in the application. Claims 8-11 and 17-20 are allowed. 
Claims 1-3, 12-14 and 16 are rejected. Claims 4-7 and 15 are objected to as being dependent 
upon a rejected base claim. Claims 5-7 are dependent to claim 4, therefore, are objected under 
the same rationale. 

Pending Patent Applications 
Applicants respectfully note that some portions of the disclosure of the present 
application are related to some portions of the disclosure of U.S. Patent Application Serial No. 
09/999,881 filed on October 31, 2001, and U.S. Patent Application Serial No. 10/044,667, filed 
on January 11, 2002. However, they are not related in the sense of lineage or claiming, but only 
that they may be related in some overlapping portions of the disclosure. Further, a Terminal 
Disclaimer was filed in the course of prosecution of U.S. Patent Application Serial No. 
10/044,667 with respect to U.S. Patent Application Serial No. 09/999,881. However, the filing 
of the Terminal Disclaimer was not an admission that the claims were related, but was filed to 
move prosecution forward. Quad Environmental Technologies Corp. vs. Union Sanitary 
District, 946 F.2d 870, 20 USPQ2d 1392 (Fed Cir. 1991). See, e.g., MPEP §804.03. 

Claim Rejections - 35 U.S.C. §103 
Claims 1-3, 12-14 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent 4,926,476 (Covey) and fiirther in view of U.S. Patent No. 4,173,783 (Couleur). 
Applicants respectfiilly traverse this rejection. 

In the Final Office Action dated June 11, 2008, the Examiner again, focuses on the 

argument relating to whether Covey discloses or make obvious the establishment of a security 
level to a software object. The Examiner, in the Final Office Action, asserts that Covey is 
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directed to observing security behavior of untrusted software under test conditions and a trusted 
computing base (TCB) enforces security policy by enforcing constrains on accesses by certain 
entities. There are several flaws in the Examiner's reasoning. Firstly, the Examiner asserts that 
objects may be simply files, I/O devices, memory pages segments, etc.; however, the claims call 
for software objects with various non-limiting examples provided in the Specification. 

Further, in the Final Office Action, the Examiner seems to support Applicant's arguments 
that the TCB imposes certain constraints that refer to the data and not the software objects 
themselves. As described in fiirther detail below. Covey is directed to providing mechanisms to 
constrain untrusted software to read data from only certain sensitive levels and to write data at 
only certain sensitive levels. The sensitivity levels only relates directly to data and not to 
software objects . Therefore, regardless of the Examiner's assertion that Covey's invention is to 
observe security behavior of untrusted software, it is abundantly clear that Covey does not 
disclose establishing a security level for a software object, but instead refers to sensitivity levels 
with respect to data. 

Further, Covey provides indications that it is not referring to establishing security levels 
for software objects because it explicitly specifies that software need not be examined before it is 
permitted to handle multi-level security data. In other words. Covey is explicit in differentiating 
sensitivity levels being established with respect to data versus the actual software . Therefore, 
Covey simply fails to teach or make obvious the element of establishing the security level 
relating to a software object and Couleur does not make up for this deficit. Further, the 
Examiner argues in the Final Office Action that the RAM 60 in order to enforce different 
security policies at different times anticipates establishing a security level. In the Final Office 
Action, the Examiner deduces that the enforcement process performed by the RAM 60 equates to 
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establishing security levels for a software object. However, the Examiner provides no evidence 
to support this assertion. As described herein, Covey simply does not disclose establishing a 
security policy relating to a software object, as described in fiirther details below. 

Moreover, in the Final Office Action, with regard to the argument that those skilled in the 
art would not combine Covey and Couleur in the manner provided in the claims, the Examiner 
responds by asserting that Covey and Couleur do not need to disclose anjrthing over and above 
the invention as claimed to render it unpatentable or anticipated. However this assertion does 
not advance the Examiner's position in combining Covey and Couleur. The Examiner simply 
states that Covey teaches memory access, which is page memory, but Covey is silent on the 
capability of showing multi-table I/O space access. Couleur, on the other hand, teaches multi- 
table T/0 space in the abstract, Figure 1 . However, as described further below, the combination 
of Covey and Couleur simply would not make obvious all of the elements of the claims of the 
present invention. Further, there is no evidence that those skilled in the art would find 
motivation to combine them in the manner claimed. Covey is directed to memory access, an 
more particularly, page memory. In contrast, Covey is directed to execution of untrusted 
software. There is no evidence to show, without employing improper hindsight reasoning, those 
skilled in the art would combine these two prior art references in the manner claimed in the 
present application. 

As noted above, the combination of Covey and Couleur do not teach, disclose or make 
obvious all of the elements of claims of the present invention. For example, the Examiner 
asserts that Covey discloses or makes obvious the claim element of establishing a security level 
for a software object that is executed (see for example claim 1). The Examiner cites to section of 
Covey that discuss "sensitivity levels" to argue obviousness of the security level of the software 
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object of claims of the present invention. However, the Examiner has misapplied the "sensitivity 
levels" disclosure of Covey. Covey discloses that it contains mechanisms to "constrain untrusted 
software to read data from only certain sensitivity levels and to write data at only certain other 
sensitivity levels " (emphasis added). See col. 3, lines 3-5; Absfract. The sensitivity level of 
Covey is related to the data and not to the software object . In contrast, claim 1 calls for 
"establishing a security level for said software object." Examiner analysis is clearly a 
misapplication of the prior art. Covey is explicitly clear that the sensitivity levels relates directly 
to only data and not to software objects. In fact, Covey explicitly asserts that software need not 
be examined before it is permitted to handle multi-level security data. See Absfract. This is 
another clear indication that Covey is simply not directed to establishing security levels to 
software objects. Therefore, it is abundantly clear that Covey does not disclose or make obvious 
any type of establishment of a security level to a software object. Instead, Cov^ discloses 
assigning sensitivity level tags to calculate certain sensitivity levels related to stored data. See 
col. 5, lines 15-19. Covey explicitly indicates that calculation is made for operation results based 
upon how software relates to data from different classification or security levels . See col. 6, 
lines 8-10. Therefore, the calculation of sensitivity levels in Covey only relates to data and not to 
software objects. Accordingly, the element of establishing a security level for software object of 
claim 1 is not made obvious by Covey and, fiirther, Couleur does not make up for this deficit. 

Further, the Examiner makes conflicting assertions that undermines Examiner's 
arguments. First, the Examiner asserts that the multi-table input/output (I/O) space access is 
disclosed by Covey; and then, asserts that Covey is silent on the capability of showing the multi- 
table I/O space. See pages 2-3 of the Office Action dated 11/14/2007. Clearly, Covey does not 
disclose any type of a multi-table I/O space access. Covey discloses page tables that include 
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page descriptors and labels, which are used to address the memory 70. However, the Examiner 
is, indeed, correct in indicating that Covey is clearly silent on the multi-table I/O space. 
Moreover, Couleur does not make up for this deficit. The conflicting arguments provided by the 
Examiner clearly do not support an argument that Covey and Couleur allegedly disclose or make 
obvious all of the elements of claim 1 of the present invention. 

The Examiner asserts that Couleur teaches a multi-table I/O space; however, this is 
clearly not the case. Couleur is directed to converting virtual addresses to absolute addresses 
using page tables. See Abstract of Couleur; col. 2, lines 20-29. However, Couleur is explicit in 
indicating that each peripheral that is connected to an I/O unit relates to a particular page table . 
In other words, even though several page tables are disclosed, multi-table memory access is not 
disclosed or made obvious since each peripheral is associated with only one page table . There is 
clearly no disclosure of a multi-table I/O space. See Abstract; col. 2, lines 20-29. Couleur 
clearly indicates that each peripheral device connected to the I/O unit is associated with a page 
table in memory. See col. 2, lines 20-23. Those skilled in the art would not find obvious a 
multi-table I/O space based upon this disclosure. Further, even if arguendo, Couleur were to be 
combined with Covey in the manner alleged by the Examiner, as described above, another 
element, which relates to establishing a security level for the software object, is clearly not 
disclosed or made obvious by Covey, Couleur, or their combination. 

Applicants respectfully assert that Covey, Couleur, and/or their combination do not teach 

or disclose all of the elements of claim 1-3, 12-14 and 16 of the present invention. In order to 
establish a prima facie case of obviousness, the Examiner must consider the following factors: 1) 
there must be some suggestion or motivation, either in the references themselves or in the 
knowledge generally available to one of ordinary skill in the art, to modify the reference or to 
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combine the teachings; 2) there must be a reasonable expectation of success; and 3) the prior art 
reference(s) must teach or suggest all the claim limitations. MPEP § 2143 (2005) (citing In re 
Vaeck, 947 F.2d 488, 20 U.S.P.Q.2d 1438 (Fed. Cir. 1991). In making an obviousness rejection, 
it is necessary for the Examiner to identify the reason why a person of ordinary skill in the art 
would have combined the prior art references in the manner set forth in the claims. KSR Int'l 
Co. V. Teleflex, Inc., at 14, No. 04-1350 (U.S. 2007). Applicants respectfully submit that the 
Examiner has not met this burden. If fact, as illustrated below. Covey and Couleur would not be 
combined in the manner set forth in the claims. Further, the Examiner has failed into identify 
why those skilled in the art would combine Covey and Couleur. Further, even if Covey and 
Couleur were combined, all elements of claims 1-3, 12-14 and 16 would not be taught or made 
obvious by this combination. Accordingly, Applicants respectfully submit that a prima facie 
case of obviousness has not been established in rejecting claims 1-3, 12-14 and 16. 

Those skilled in the art simply would not be motivated to combine Couleur with Covey. 
The Examiner has failed to identify any particular reason to provide such a combination to make 
obvious any of the claims of the present invention. Couleur is subject matter that relates to 
memory access, specifically page memory. In contrast. Covey is directed to execution of 
untrusted software but only discloses security levels relating to data and not to the software 
object. In fact, as described above. Covey explicitly states that software need not be examined 
before handing secure data. Those skilled in the art simply would not find any reason to 
combine these to cited prior art references to make obvious any of the claims of the present 
invention. The Examiner has failed to provide or identify any such reasons. Couleur is from a 
different generation of computer technology as compared to Covey and relates to entirely 
different processes. Without using proper hindsight reasoning, those skilled in the art simply 
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would not combine them in the manner claimed. Further, as described above, the combination of 
Covey and Couleur still would not disclose, teach, or make obvious all of the elements of claim 
1 of the present invention. Applicants have pointed to several factors why those skilled in the art 
simply would not combine Covey and Couleur in the manner claimed by claim lof the present 
invention. Accordingly, claim 1 of the present invention is allowable for at least the reasons 
cited herein. 

Claim 12 calls for an apparatus that comprises means for performing a multi-table I/O 
space access using at least one of a security level that may be established for said software object 
being executed. Therefore, as described above, Covey and Couleur do not disclose or make 
obvious means for performing a multi-table (I/O) space access. Accordingly, claim 12 of the 
present invention is allowable. 

Claim 13 calls for an (I/O) access interface that is coupled to a bus and a memory unit 
wherein the memory access interface is capable of providing a processor of a multi-level table 
I/O space access to access a portion of the memory unit. As described above. Covey and 
Couleur do not disclose or make obvious the multi-level table I/O space access. Accordingly, 
all of the elements of claim 13 of the present invention are not taught, disclosed, or made 
obvious by Covey and Couleur. Therefore, claim 13 of the present invention is allowable. 
Further, claim 17 calls for a computer programmable device encoded with instructions which, 
when executed by a computer, performs a method that includes performing a multi-table I/O 
space access, which for at least the reasons cited above, is not taught, disclosed, or made obvious 
by Covey and Couleur. Therefore, claim 17 of the present invention is allowable. 
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Independent claims 1, 12, and 13 are allowable for at least the reasons cited above. 
Additionally, dependent claims 2-7, 9-11, 14-16, and 18-20, which respectively depend from 
claims 1, 8, 12, 13, and 17, are also allowable for at least the reasons cited above. 

Further, Applicants acknowledge and appreciate that the Examiner has allowed claims 8- 
11 and 17-20. Further, Applicants appreciate that claims 4, 15, 5-7 contain allowable subject 
matter, as indicated by the Examiner. Additionally, in light of the arguments provided herein, all 

pending claims of the present invention are allowed. 

Reconsideration of the present application is respectfully requested. 

In light of the arguments presented above. Applicants respectfully assert that claims 1-20 
are allowable. In light of the arguments presented above, a Notice of Allowance is respectfully 
solicited. 

If for any reason the Examiner finds the application other than in condition for 
allowance, the Examiner is requested to call the undersigned attorney at the Houston, 
Texas telephone number (713) 934-4069 to discuss the steps necessary for placing the 
application in condition for allowance. 

RespectfiiUy submitted, 

WILLIAMS, MORGAN & AMERSON, P.C. 
CUSTOMER NO. 23720 

Date: August 11.2008 By: /Jaison C. John/ 

Jaison C. John, Reg. No. 50,737 

10333 Richmond, Suite 1100 

Houston, Texas 77042 

(713) 934-7000 

(713) 934-7011 (facsimile) 

ATTORNEY FOR APPLICANT(S) 
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